Issue 614449

Issue metadata

Status: WontFix
Closed: May 2016
Type: Bug

Security: gmail log in

Reported by ssv...@gmail.com, May 24 2016

Issue description

This template is ONLY for reporting security bugs. If you are reporting a
Download Protection Bypass bug, please use the "Security - Download
Protection" template. For all other reports, please use a different
template.

Please see the following link for instructions on filing security bugs:
http://www.chromium.org/Home/chromium-security/reporting-security-bugs


VULNERABILITY DETAILS
Using Chrome I am able to bypass gmail log in information if the previous gmail user was not logged out or had not closed the program prior to shutting down the computer. Chrome is set to not remember a password for gmail. Please note that this only works when using the steps described below. If any of the steps take more than a few seconds, it will not work and will prompt for log in info.
- Step one: with gmail open in Chrome, shut down computer without logging out or closing Chrome.
- Step two: start computer
- Step three: immediately click on chrome icon in taskbar
- Step four: immediately type in gmail in url bar before chrome has fully loaded icons on page
- This will log me into the previous gmail session without entering in any log in info.

VERSION
Chrome Version: Version 50.0.2661.102 m
Operating System: Windows 10 Pro Version 1511 OS Build 10586.318

REPRODUCTION CASE
Please include a demonstration of the security bug, such as an attached
HTML or binary file that reproduces the bug when loaded in Chrome. PLEASE
make the file as small as possible and remove any content not required to
demonstrate the bug.

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: [tab, browser, etc.]
Crash State: [see link above: stack trace, registers, exception record]
Client ID (if relevant): [see link above]

 
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Status: WontFix (was: Unconfirmed)
Cookies are saved across browser restarts, which is an intended feature.

If you want to log out from GMail, make sure to log out from the site.
If a site does not want to allow a user to stay logged in across browser restarts, they can use a mechanism like sessionStorage.
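
Added example, not part of the comment above and not Chromium code: whether a login cookie is "saved across browser restarts" depends on the `Expires`/`Max-Age` attributes the site sends with it. This sketch classifies `Set-Cookie` headers accordingly; the header values and function names are constructed for illustration.

```javascript
// Added example (not from the issue thread). Header values are constructed.
// Classifies Set-Cookie headers by whether the cookie outlives the browser session.

// Parse one Set-Cookie value into its name and a lower-cased attribute map.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name: eq === -1 ? pair : pair.slice(0, eq), attrs };
}

// "persistent": stored with an expiry in the future, so kept across restarts.
// "session":    no usable Expires/Max-Age; kept until the browser decides the
//               session is over (RFC 6265 leaves that to the user agent).
// "expired":    expiry at or before `now`, i.e. a deletion.
function cookieLifetime(header, now) {
  const { attrs } = parseSetCookie(header);
  const maxAge = attrs["max-age"];
  // Max-Age takes precedence over Expires when both are present (RFC 6265).
  if (typeof maxAge === "string" && /^-?\d+$/.test(maxAge)) {
    return Number(maxAge) > 0 ? "persistent" : "expired";
  }
  if (typeof attrs.expires === "string") {
    const t = Date.parse(attrs.expires);
    if (!Number.isNaN(t)) return t > now.getTime() ? "persistent" : "expired";
  }
  return "session";
}

function auditCookies(headers, now) {
  return headers.map((h) => `${parseSetCookie(h).name}: ${cookieLifetime(h, now)}`);
}

const NOW = new Date("2016-05-24T12:00:00Z"); // fixed clock for repeatable output
const SAMPLE_HEADERS = [ // constructed sample values
  "SID=abc123; Path=/; Secure; HttpOnly",
  "AUTH=def456; Max-Age=1209600; Path=/; Secure; HttpOnly",
  "REMEMBER=ghi789; Expires=Wed, 24 May 2017 00:00:00 GMT; Path=/",
  "OLD=x; Expires=Wed, 24 May 2017 00:00:00 GMT; Max-Age=0",
];
console.log(auditCookies(SAMPLE_HEADERS, NOW).join("\n"));
```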

Comment 2 by ssv...@gmail.com, May 24 2016

I think you may misunderstand. It is not intended and this issue does not happen on browser restarts. This only happens as I've described. If I restart chrome, I am prompted for a two-step verification. If I do exactly as I describe then I am not prompted for anything whatsoever. This is an issue that doesn't have anything to do with cookies on browser restarts. I am by no means an expert, but please read my description again. 

Comment 3 by ssv...@gmail.com, May 24 2016

I have made a video showing how, once I close my browser, I'm prompted to re-enter my username and password along with 2-step verification; then I log in again, shut the computer down and, upon starting, open Chrome and am logged into gmail without any prompt. Then I close Chrome and start it again, clearly showing that I am again prompted for a username. There is something happening here where when I follow these steps, the log in is bypassed if done quickly enough. I have a video showing this, but it is slightly too large to upload it here. I've spent time on this only because I think it should be fixed, so please just take a look again.

Comment 4 by ssv...@gmail.com, Jun 3 2016

Well I haven't heard anything else yet, so I will wait a few more weeks before posting the video on YouTube for other people to see so that hopefully someone can take notice and fix this.
